
Better visualization and UX for CIDR delegation

Open mcginty opened this issue 4 years ago • 1 comments

In its current state, I don't find CIDR selection and delegation to be a particularly stress-free experience. I think it could benefit from some more clever uses of auto-suggestion of new CIDR blocks when allocating, as well as prettier and more intuitive ways to show the current usage of the subnet blocks within the network.

mcginty, Feb 02 '22 18:02

When it comes to using IPv4 within innernet... IMHO I like the idea of IPs starting with 10.x.x.x (the 10. takes up the first 8 bits of a 32-bit address).

The challenge, which I had to "work backwards" from, is this: if each group/department only got 256 IPs (by using CIDRs ending in /24), that would feel like too few, especially considering you can't recycle these IP addresses.

Preamble: My CIDR calculations might sound wonky, but please bear with me, as to the broader point I'm trying to make:

  • the final 11 bits would (ideally) get used by each "group"/"dept" CIDR - each singular "group"/"department". So the 2048 IPs (2^11 = 2048) in each "group"/"department" - for assigning to peers (end client machines) - are much better: CIDRs ending in /21 (not /24). Remember, all client innernet hosts get eventually disabled/decommissioned over the longer term, never removed.

  • the next final 5 bits will get used by each "group"/"department"-level CIDRs ending in /16 in one given "organization", allowing up to 32 "departments"/"groups" in each "corporation"/"organization" (2^5 = 32)

  • the next final 2 bits are needed just to have an innernet-server for this corporation/organization: "root CIDR" ending in /14

  • the next final 4 bits will get used for the top-level "Corporate"/"Organization" CIDRs (like "evilcorp"), all fitting into /12, allowing up to 16 unique "corporations"/"organizations"/innernet interfaces (2^4 = 16). So you can use "sudo innernet-server new" up to 16 times, with 16 innernet network interfaces created. And you'll have to open 16 ports on the firewall of your cloud-hosted innernet server.

Have I understood correctly? I'm guessing, under this scenario, that the first "root CIDR" I create (for the new "organization", let's call it) with "sudo innernet-server new" would be that of 10.0.0.0/14. And the first "child CIDR" (a "group", let's call it within my new organization) within that "parent CIDR" would then be that of 10.0.0.0/21.

PS: I love how innernet has you just choose the CIDRs (it's all about calculating/sizing those), then IP address assignment is automatic, taking many of the tougher calculations out of the hands of the end user.

esbeeb, Sep 24 '22 01:09
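
A sketch of the auto-suggestion and usage view this issue asks for, added here as an example; it is not innernet's code and not from either commenter. The function names are hypothetical and the allocated blocks are constructed; the 10.0.0.0/14 root and the /21 child size come from the comment above.

```python
import ipaddress


def suggest_cidr(root, allocated, new_prefix):
    """Return the first free /new_prefix block inside root, or None if full.

    Rejects any already-allocated block that lies outside the root CIDR, so a
    bad delegation is caught before a new one is stacked on top of it.
    """
    root_net = ipaddress.ip_network(root)
    used = [ipaddress.ip_network(a) for a in allocated]
    for block in used:
        if not block.subnet_of(root_net):
            raise ValueError(f"{block} is not inside {root_net}")
    # subnets() walks candidates in address order and raises ValueError
    # if new_prefix is shorter than the root's own prefix.
    for candidate in root_net.subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(block) for block in used):
            return candidate
    return None


def usage_map(root, allocated, slot_prefix):
    """One character per /slot_prefix slot of root: '#' in use, '.' free."""
    root_net = ipaddress.ip_network(root)
    used = [ipaddress.ip_network(a) for a in allocated]
    return "".join(
        "#" if any(slot.overlaps(block) for block in used) else "."
        for slot in root_net.subnets(new_prefix=slot_prefix)
    )


if __name__ == "__main__":
    ROOT = "10.0.0.0/14"                        # root CIDR from the comment
    ALLOCATED = ["10.0.0.0/21", "10.0.16.0/20"]  # constructed sample state
    print("next free /21:", suggest_cidr(ROOT, ALLOCATED, 21))
    print("next free /20:", suggest_cidr(ROOT, ALLOCATED, 20))
    print(usage_map(ROOT, ALLOCATED, 21))
```

Because candidates are aligned to the requested prefix length, a suggested block never straddles an existing allocation of a different size.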